Skip to content
/ auto-sslscan Public

A script that parses nmap.xml output, identifies all SSL services and automatically performs an sslscan of each service

14 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

attackdebris/auto-sslscan

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
README.md
README.md
 
 
auto-sslscan.py
auto-sslscan.py
 
 

Repository files navigation

Auto-sslscan

Auto-sslscan is a python script designed to automate the process of conducting ssl scanning via sslcan (https://github.com/rbsec/sslscan).

The Auto-sslscan script parses an nmap.xml output file, extracts all SSL services and automatically performs an sslscan of them.

Installation

git clone https://github.com/attackdebris/auto-sslscan.git

Prerequisites

The pre-reqs are:

  1. Python (tested on Python 2.7)
  2. You must have sslscan installed and in your path (default in Kali)
  3. You need a valid Nmap XML output file (see below)
  4. You need python-libnmap (see below)

Installing python-libnmap

You can install libnmap via pip:

pip install libnmap

or via git:

$ git clone https://github.com/savon-noir/python-libnmap.git
$ cd python-libnmap
$ python setup.py install

Nmap XML File

The Nmap XML file must have been created with version scanning enabled i.e. via Nmap flags -sV or -A (see below)

nmap -A -p 1-65535 -iL targets.txt -oX nmap-output.xml 
nmap -sS -sV -p 1-65535 -iL targets.txt -oX nmap-output.xml

Usage

./auto-sslscan.py 
auto-sslscan - v0.1 ( https://github.com/attackdebris/auto-sslscan )

USAGE: auto-sslscan.py [nmap-ouput.xml] [output-file]

Example

./auto-sslscan.py nmap-output.xml outfile.txt
auto-sslscan - v0.1 ( https://github.com/attackdebris/auto-sslscan )

Performing sslscan of 185.176.90.16:443
Performing sslscan of 199.101.100.186:31337

sslscan results saved to: outfile.txt
SSL services list saved to: ssl-services.txt

Output / Results

The output from the script is a concatenated file (see below)

cat outfile.txt 

====================================================================
auto-sslscan - v0.1 ( https://github.com/attackdebris/auto-sslscan )
====================================================================

Version: 1.11.10-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Testing SSL server 185.176.90.16 on port 443 using SNI name 

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
---snip---

Credit

The base code I used to create this: https://github.com/DanMcInerney/nmap-parser/blob/master/nmap-parser.py

About

A script that parses nmap.xml output, identifies all SSL services and automatically performs an sslscan of each service

Resources

Readme
Activity

Stars

14 stars

Watchers

5 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages